WordPress Security

There are 3 areas of your WordPress website that should be protected.  Use the following steps to increase security in each area:

 

  1. Protect the WP-Admin folder
    • Log in to your account at www.cera.net
    • Click on the Cloud dropdown and then click your website name
    • Click on the Web Sites icon and then click on the website you want to edit
    • Click on the .htaccess tab click the "Enable Helicon Ape" button
    • Click the green "+Add .htaccess" button
    • Click on the blank box under ".htaccess path: (your domain) and click on "root folder" and then click on "wp-admin"
    • Add the following file:

      • order deny,allow

        deny from all

        allow from <your ip address>

    • Click "Save and continue editing"

  2. Protect XMPLRPC / WP-Login

    • Log in to your account at www.cera.net
    • Click on the Cloud dropdown and then click your website name
    • Click on the Web Sites icon and then click on the website you want to edit
    • Click on the .htaccess tab click the "Enable Helicon Ape" button
    • Click on the .htaccess tab 
    • Click the green "+Add .htaccess" button
    • Click on the blank box under ".htaccess path: (your domain) and click on "root folder"
    • Add the following file:

      • <Files xmlrpc.php>

        order deny,allow

        deny from all

        allow from <your ip address>

        </Files>

         

        <Files wp-login.php>

        order deny,allow

        deny from all

        allow from <your ip address>

        </Files>

    • Click "Save and continue editing"

  3. Secure the wp-content/uploads folder
    • Log in to your account at www.cera.net
    • Click on the Cloud dropdown and then click your website name
    • Click on the File Manager icon and then click on your website name
    • Click on the wwwroot folder and then click on the wp-content folder
    • Click on the "Create File" button and name it webconfig
    • Add the following content to the file and then click "create":
      • <configuration>
        <system.webServer>
        <handlers>
        <clear />
        <add
        name="StaticFile"
        path="*" verb="*"
        modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule"
        resourceType="Either"
        requireAccess="Read" />
        </handlers>
        <staticContent>
        <mimeMap fileExtension=".*" mimeType="application/octet-stream" />
        </staticContent>
        </system.webServer>
        </configuration>

 

 

  • 0 Users Found This Useful
Was this answer helpful?